This Week in Cybersecurity: Sep 11 – Sep 15

Written by Andrew Doyle

September 15, 2023


ALPHV Brings MGM Resorts to a Halt in Ten Minutes

In a recent cyber incident that has shaken the operations of MGM Resorts, the ALPHV/BlackCat ransomware group has emerged as the main culprit. This unanticipated breach originated from an unusual source, LinkedIn, raising questions about the vulnerabilities associated with professional networking platforms.

3AM Ransomware Threat Actor Deploys Bitwise Spider in the Wild

A novel strain of ransomware known as “3AM” has surfaced, marking its presence in the cybersecurity landscape. This malware variant made its debut after being identified in a single security incident, during which an unidentified affiliate turned to 3AM following an unsuccessful attempt to deploy the Bitwise Spider (a.k.a. LockBit) ransomware in a targeted network.

New Phishing Campaign Targets Corporations Through Microsoft Teams Messages

Microsoft has issued a warning regarding a new phishing campaign orchestrated by an initial access broker, which involves exploiting Microsoft Teams messages as bait to breach corporate networks. This campaign, dubbed Storm-0324 (also known as TA543 and Sagrid), marks a departure from the traditional…

Critical GitHub Flaw Puts Over 4,000 Repositories at Risk of Repojacking

In a recent revelation concerning GitHub, a significant vulnerability has come to light, potentially placing thousands of repositories in danger of repojacking attacks. This security flaw centers around the exploitation of a race condition within GitHub’s processes related to repository creation and username renaming. This vulnerability, if successfully leveraged, carries severe implications for…

Redfly Group Compromised National Grid by Deploying ShadowPad Malware

A threat actor known as Redfly has been identified in connection with a breach of the national grid of an unspecified Asian nation. The intrusion is reported to have lasted up to six months earlier this year and was carried out using the ShadowPad malware. According to the Symantec Threat Hunter Team, a division of Broadcom, Redfly successfully exfiltrated credentials and compromised multiple…

MetaStealer Malware Strikes macOS Devices in Recent Campaign

A recently discovered malware strain, known as MetaStealer, has emerged as a significant threat to Apple macOS users. This development adds to the growing roster of malware families targeting the macOS ecosystem, joining the ranks of Stealer, Pureland, Atomic Stealer, and Realst. According to insights provided by cybersecurity experts, MetaStealer is strategically employed by threat actors who actively target…

Charming Kitten Uses ‘Sponsor’ Backdoor to Target Brazil, Israel, and U.A.E.

The Iranian threat actor known as Charming Kitten has resurfaced, launching a fresh wave of attacks with a focus on Brazil, Israel, and the United Arab Emirates (U.A.E.). This campaign has been associated with the deployment of a previously undisclosed backdoor, known as “Sponsor.” The campaign is being meticulously monitored by Slovak cybersecurity experts, who have aptly dubbed it “Ballistic Bobcat.” An analysis of victimology patterns indicates that…

PowerShell-Based Attacks Target Windows Systems to Extract NTLMv2 Hashes

Hackers are exploiting a PowerShell script associated with a legitimate red teaming tool to extract NTLMv2 hashes from compromised Windows systems. The operation, dubbed “Steal-It” by Zscaler ThreatLabz, has primarily targeted systems in Australia, Poland, and Belgium. In this scheme, threat actors employ customized versions of Nishang’s Start-CaptureServer PowerShell script. They execute various system commands and exfiltrate the stolen data via…

HijackLoader Modular Malware Loader Uses Code Injection and Evades Detection

A new malware loader named HijackLoader is being utilized as a delivery mechanism for various malicious payloads, including DanaBot, SystemBC, and RedLine Stealer. HijackLoader’s uniqueness lies in its modular architecture, enabling it to employ multiple modules for code injection and execution, a feature uncommon among most loaders. Despite its lack of advanced features…

Crypto-Miners Exploit Legitimate Advanced Installer Tool in Cyberattacks

Advanced Installer, a legitimate Windows tool commonly used for software packaging, has been exploited by malicious actors to distribute cryptocurrency-mining malware since November 2021. This abuse involves packaging genuine software installers, including applications like Adobe Illustrator, Autodesk 3ds Max, and SketchUp Pro, with malicious scripts. The malefactors then employ Advanced Installer’s Custom Actions feature to…
